From 1f0bd51f5508c62e60d81d4efd5ee6c95c3aad5f Mon Sep 17 00:00:00 2001
From: Stephan
Date: Tue, 16 Aug 2022 10:08:03 +0100
Subject: [PATCH 1/4] GitHubDriver: stricter URL validation to avoid issues with undefined index owner (#10985)
---
 src/Composer/Repository/Vcs/GitHubDriver.php | 4 ++--
 .../Test/Repository/Vcs/GitHubDriverTest.php | 20 +++++++++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/Composer/Repository/Vcs/GitHubDriver.php b/src/Composer/Repository/Vcs/GitHubDriver.php
index 96f7ed996..0cde0c871 100644
--- a/src/Composer/Repository/Vcs/GitHubDriver.php
+++ b/src/Composer/Repository/Vcs/GitHubDriver.php
@@ -59,7 +59,7 @@ class GitHubDriver extends VcsDriver
 */
 public function initialize()
 {
- if (!Preg::isMatch('#^(?:(?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/(.+?)(?:\.git|/)?$#', $this->url, $match)) {
+ if (!Preg::isMatch('#^(?:(?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/([^/]+?)(?:\.git|/)?$#', $this->url, $match)) {
 throw new \InvalidArgumentException(sprintf('The GitHub repository URL %s is invalid.', $this->url));
 }
@@ -390,7 +390,7 @@ class GitHubDriver extends VcsDriver
 */
 public static function supports(IOInterface $io, Config $config, $url, $deep = false)
 {
- if (!Preg::isMatch('#^((?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/(.+?)(?:\.git|/)?$#', $url, $matches)) {
+ if (!Preg::isMatch('#^((?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/([^/]+?)(?:\.git|/)?$#', $url, $matches)) {
 return false;
 }
diff --git a/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php b/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
index fcffb583b..4bd45ab40 100644
--- a/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
+++ b/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
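Review bot: In `GitHubDriver::initialize()` the tightened repository group `([^/]+?)` excludes only `/`, so a URL with a query string, fragment or whitespace after the repository name (constructed example: `https://github.com/acme/repository?x=1`) still matches and lands in the repository capture. The pattern in `supports()` (second hunk) has the same gap. In addition, `$` without the `D` modifier also matches before a trailing newline, so a URL ending in `\n` is accepted by both checks. If the captured name is later used to build API or clone URLs (not visible in these hunks), a stricter class such as `([^/?#\s]+?)` with `\z` in place of `$` would keep the validation in line with what a repository name can contain. Both function bodies continue outside the hunks.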
@@ -342,14 +342,16 @@ class GitHubDriverTest extends TestCase
 }
 /**
+ * @dataProvider invalidUrlProvider
+ * @param string $url
 * @return void
 */
- public function initializeInvalidReoUrl()
+ public function testInitializeInvalidReoUrl($url)
 {
 $this->setExpectedException('\InvalidArgumentException');
 $repoConfig = array(
- 'url' => 'https://github.com/acme',
+ 'url' => $url,
 );
 $io = $this->getMockBuilder('Composer\IO\IOInterface')->getMock();
@@ -361,6 +363,18 @@ class GitHubDriverTest extends TestCase
 $gitHubDriver->initialize();
 }
+ /**
+ * @return list
+ */
+ public function invalidUrlProvider()
+ {
+ return array(
+ array(false, 'https://github.com/acme'),
+ array(false, 'https://github.com/acme/repository/releases'),
+ array(false, 'https://github.com/acme/repository/pulls'),
+ );
+ }
+
 /**
 * @dataProvider supportsProvider
 * @param bool $expected
@@ -382,6 +396,8 @@ class GitHubDriverTest extends TestCase
 array(false, 'https://github.com/acme'),
 array(true, 'https://github.com/acme/repository'),
 array(true, 'git@github.com:acme/repository.git'),
+ array(false, 'https://github.com/acme/repository/releases'),
+ array(false, 'https://github.com/acme/repository/pulls'),
 );
 }
From 6457a88aa18cbc5972d076c46716c12b9f7fa551 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Tue, 16 Aug 2022 11:15:52 +0200
Subject: [PATCH 2/4] Fix COMPOSER_NO_DEV to work with --update-no-dev for require/remove commands as well, refs #10995
---
 src/Composer/Command/BaseCommand.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/Composer/Command/BaseCommand.php b/src/Composer/Command/BaseCommand.php
index 59cbbe9ab..2438614f8 100644
--- a/src/Composer/Command/BaseCommand.php
+++ b/src/Composer/Command/BaseCommand.php
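Review bot: The negative rows added to `supportsProvider`, and the rows in the new `invalidUrlProvider`, exercise only the `https://` alternative of the pattern. The `git@host:` alternative feeds the same repository group but has no case with an extra path segment. A row such as `array(false, 'git@github.com:acme/repository/releases'),` in `supportsProvider` would pin the SSH form as well. The `supportsProvider` array starts outside the hunk.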
@@ -165,6 +165,11 @@ abstract class BaseCommand extends Command
 $input->setOption('no-dev', true);
 }
 }
+ if (true == $input->hasOption('update-no-dev')) {
+ if (!$input->getOption('update-no-dev') && true == Platform::getEnv('COMPOSER_NO_DEV')) {
+ $input->setOption('update-no-dev', true);
+ }
+ }
 parent::initialize($input, $output);
 }
From 598c1c75732b59d37e7a9de9bc16036a0f2a0107 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Tue, 16 Aug 2022 11:19:20 +0200
Subject: [PATCH 3/4] Fix phpstan error
---
 src/Composer/Command/BaseCommand.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Composer/Command/BaseCommand.php b/src/Composer/Command/BaseCommand.php
index 2438614f8..00714d7a4 100644
--- a/src/Composer/Command/BaseCommand.php
+++ b/src/Composer/Command/BaseCommand.php
@@ -166,7 +166,7 @@ abstract class BaseCommand extends Command
 }
 }
 if (true == $input->hasOption('update-no-dev')) {
- if (!$input->getOption('update-no-dev') && true == Platform::getEnv('COMPOSER_NO_DEV')) {
+ if (true !== $input->getOption('update-no-dev') && true == Platform::getEnv('COMPOSER_NO_DEV')) {
 $input->setOption('update-no-dev', true);
 }
 }
From f2141dd3ea419745319ce3ac4ebdf583fef22e31 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Tue, 16 Aug 2022 11:25:15 +0200
Subject: [PATCH 4/4] Fix tests from #10985
---
 .../Composer/Test/Repository/Vcs/GitHubDriverTest.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php b/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
index 4bd45ab40..58b9f7482 100644
--- a/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
+++ b/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
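Review bot: `true == Platform::getEnv('COMPOSER_NO_DEV')` is a loose comparison, so if `getEnv` returns the raw environment string, any non-empty value other than `"0"` turns on `update-no-dev`, including `COMPOSER_NO_DEV=false`. That errs toward leaving dev packages out, but it should be stated next to the check, e.g. `// any non-empty value except "0" enables this, including "false"`, or the value should be parsed explicitly. The PATCH 3/4 hunk keeps the same expression unchanged. Separately, `true == $input->hasOption('update-no-dev')` can be written as `$input->hasOption('update-no-dev')`. The enclosing `initialize()` starts outside the hunk.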
@@ -346,7 +346,7 @@ class GitHubDriverTest extends TestCase
 * @param string $url
 * @return void
 */
- public function testInitializeInvalidReoUrl($url)
+ public function testInitializeInvalidRepoUrl($url)
 {
 $this->setExpectedException('\InvalidArgumentException');
@@ -364,14 +364,14 @@ class GitHubDriverTest extends TestCase
 }
 /**
- * @return list
+ * @return list
 */
 public function invalidUrlProvider()
 {
 return array(
- array(false, 'https://github.com/acme'),
- array(false, 'https://github.com/acme/repository/releases'),
- array(false, 'https://github.com/acme/repository/pulls'),
+ array('https://github.com/acme'),
+ array('https://github.com/acme/repository/releases'),
+ array('https://github.com/acme/repository/pulls'),
 );
 }